What is Data Exfiltration?
Many cyberattacks are aimed at stealing sensitive and valuable information from an organization. Customer information (credentials, payment card data) and intellectual property are valuable to cybercriminals, either for direct use or for sale on the Dark Web.
However, before an attacker can use or sell data, they need to get it out of the organization’s environment. Data exfiltration is the process of removing data from an organization’s systems without proper authorization.
How Does Data Exfiltration Work?
Mechanisms for data exfiltration range from attaching a file to an email to a purpose-built malware infrastructure. Some means by which data is exfiltrated from an organization’s environment include:
- Email: Email can carry data out of an organization’s environment, either intentionally or unintentionally. Cybercriminals might use email to send data outside of an organization, or an employee might accidentally CC the wrong person on an email containing sensitive data.
- Malware: Many malware variants include data exfiltration capabilities, whether or not data theft is their core function. For example, malware might collect and exfiltrate basic information about an infected machine to inform the attacker’s next steps, or it might be designed solely to collect and steal as much valuable data as possible.
- USB Drives: USB drives pose a significant data exfiltration risk because a file copied to removable media never crosses the network, so firewalls and other perimeter security solutions never see it. Data copied to a removable drive can be carried out the door and potentially lost or stolen.
- Cloud Storage: Cloud storage is designed to be easy to use, and many people have personal cloud accounts. Uploading corporate data to personal cloud accounts enables exfiltration of large volumes of sensitive data from corporate systems.
These are some of the most common vectors for data exfiltration, but they are far from an exhaustive list. For example, FTP servers, social media, and physical printouts are also potential vectors for data exfiltration.
Common Data Exfiltration Threats
A term like data exfiltration sounds like something only an external attacker would do. However, companies face data exfiltration risks from several sources, including:
- Cybercriminals: Cybercriminals are commonly focused on data exfiltration because corporate data is often valuable to them. Attackers may use any of the forms of exfiltration discussed above.
- Departing Employees: Many people take corporate data with them when they leave a company, whether they resign or are terminated. Often, the rationale is that the data is the product of their own work and therefore belongs to them.
- Negligent Employees: Employees can also expose or exfiltrate corporate data by accident. For example, an employee may upload data to a personal cloud to make it easier to access when working from home.
Companies face data exfiltration threats from both inside and outside the organization. Access controls and data loss prevention (DLP) solutions are two examples of tools that can be used to prevent data exfiltration: access controls limit who can reach sensitive data in the first place, and DLP inspects outbound transfers and blocks sensitive data from leaving the company network.
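The following is an added example, not code from the original article or from any vendor’s DLP product. It shows, in miniature, how a DLP-style egress inspector combines the two checks discussed above: classifying the content of an outbound transfer (here, payment card numbers, validated with the Luhn checksum so that arbitrary digit runs are not flagged) and judging the destination for each of the vectors listed earlier (external email recipients, personal cloud storage, removable media). The corporate domain, the personal cloud host list, the event fields and all sample transfers are constructed assumptions for the example.

```python
"""Minimal DLP-style egress inspector (added example; not part of the original
article). Inspects constructed outbound events for sensitive content and
untrusted destinations. Domains, event fields and sample data are assumptions."""
import re
from dataclasses import dataclass

CORPORATE_DOMAINS = {"example.com"}                                         # assumed internal mail domain
PERSONAL_CLOUD = {"drive.google.com", "dropbox.com", "onedrive.live.com"}  # assumed personal cloud hosts
# 13-19 digits, each optionally followed by a space or dash (covers "4111 1111 1111 1111")
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return candidate card numbers in text that pass the Luhn check, separators stripped."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class EgressEvent:
    channel: str        # "email", "cloud_upload" or "usb" (assumed channel names)
    destination: str    # recipient address, upload host, or removable device id
    content: str        # text of the body or file being transferred
    size_bytes: int = 0


def untrusted_destination(ev: EgressEvent) -> bool:
    """Destination check per vector: external mail domain, personal cloud host, or any USB device."""
    if ev.channel == "email":
        domain = ev.destination.rsplit("@", 1)[-1].lower()
        return domain not in CORPORATE_DOMAINS
    if ev.channel == "cloud_upload":
        return ev.destination.lower() in PERSONAL_CLOUD
    if ev.channel == "usb":
        return True     # removable media never traverses network controls, so treat as untrusted
    return False


def inspect(ev: EgressEvent, size_limit: int = 50 * 1024 * 1024) -> dict:
    """Combine content and destination checks into a verdict: block, alert or allow."""
    pans = find_pans(ev.content)
    reasons = []
    if pans:
        reasons.append(f"{len(pans)} card number(s) in content")
    if untrusted_destination(ev):
        reasons.append(f"untrusted {ev.channel} destination {ev.destination}")
    if ev.size_bytes > size_limit:
        reasons.append(f"large transfer ({ev.size_bytes} bytes)")
    # Block only when sensitive content meets an untrusted destination; anything else
    # that tripped a check is surfaced to the SOC as an alert rather than blocked.
    if pans and untrusted_destination(ev):
        verdict = "block"
    elif reasons:
        verdict = "alert"
    else:
        verdict = "allow"
    return {"verdict": verdict, "reasons": reasons, "pans": pans}


if __name__ == "__main__":
    # Constructed sample transfers, one per vector from the article.
    samples = [
        EgressEvent("email", "buyer@mailbox.invalid", "card 4111 1111 1111 1111 exp 12/29"),
        EgressEvent("email", "finance@example.com", "card 4111 1111 1111 1111 exp 12/29"),
        EgressEvent("cloud_upload", "dropbox.com", "Q3 roadmap draft", size_bytes=2_000_000),
        EgressEvent("usb", "usb-disk-01", "order 1234 5678 1234 5678 is not a card"),
        EgressEvent("email", "it@example.com", "call 555 123 4567"),
    ]
    for ev in samples:
        print(ev.channel, ev.destination, inspect(ev))
```

The block/alert split is deliberate: a Luhn-valid card number sent to an internal colleague is worth an alert but is often legitimate, whereas the same content bound for an external address, a personal cloud account or a USB stick is exactly the case the text says DLP should stop. A real deployment would add more classifiers (credentials, source code, document fingerprints) and feed alerts into the SOC’s case queue, but the decision structure stays the same.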